CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-27989
https://notcve.org/view.php?id=CVE-2023-27989
05 Jun 2023 — A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerability-in-4g-lte-and-5g-nr-outdoor-routers • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2022-43389
https://notcve.org/view.php?id=CVE-2022-43389
11 Jan 2023 — A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. Una vulnerabilidad de desbordamiento de búfer en la librería del servidor web en el firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podría permitir que un atacante no autenticado ejecute algunos comandos del sistema operativo o cause condiciones... • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 96EXPL: 0CVE-2022-43391
https://notcve.org/view.php?id=CVE-2022-43391
11 Jan 2023 — A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 96EXPL: 0CVE-2022-43392
https://notcve.org/view.php?id=CVE-2022-43392
11 Jan 2023 — A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 78EXPL: 0CVE-2022-43390
https://notcve.org/view.php?id=CVE-2022-43390
11 Jan 2023 — A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. Una vulnerabilidad de inyección de comandos en el programa CGI del firmware Zyxel NR7101 anterior a V1.15(ACCC.3)C0, que podría permitir a un atacante autenticado ejecutar algunos comandos del sistema operativo en un dispositivo vulnerable enviando una solicitud HTTP manipulada... • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-buffer-overflow-vulnerabilities-of-cpe-fiber-onts-and-wifi-extenders • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-35036
https://notcve.org/view.php?id=CVE-2021-35036
01 Mar 2022 — A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k could allow an authenticated attacker to obtain sensitive information from the configuration file. Una vulnerabilidad de almacenamiento de información en texto claro en la versión V5.50(ABTL.0)b2k del firmware de Zyxel VMG3625-T50B podría permitir a un atacante autenticado obtener información sensible del archivo de configuración • https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-cleartext-storage-of-information-vulnerability • CWE-312: Cleartext Storage of Sensitive Information •